You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandeep More (Jira)" <ji...@apache.org> on 2021/10/11 15:10:00 UTC
[jira] [Created] (KNOX-2679) Trim Pac4j entitlements to avoid
cookie too large issue.
Sandeep More created KNOX-2679:
----------------------------------
Summary: Trim Pac4j entitlements to avoid cookie too large issue.
Key: KNOX-2679
URL: https://issues.apache.org/jira/browse/KNOX-2679
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Sandeep More
Assignee: Sandeep More
Currently with KnoxSSO if the user is part of too many groups SAML assertions that we get back from IdP is huge. This cause hadoop-jwt cookie to not set throwing the SSO in a loop.
Knox does not need groups, groups in knox are figured out based on the hadoop-user-group lookup. We should be able to filter out groups from the SAML assertion.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)